Win32/Koobface, MSRT and Industry Cooperation

On March 10 we released an update to the Malicious Software Removal Tool to add targeting of the Win32/Koobface family. The addition of this threat came out of discussions with the security team at Facebook but this is not the first time we have added a family of malicious software to MSRT on request. We regularly work with CERTs, government agencies, ISPs and companies on threats as part of our outreach activities.

Win32/Koobface falls in as the sixth most common threat removed by MSRT this month.

Rank

Family

Reports

1

Taterf

1,502,160

2

Frethog

649,881

3

Alureon

317,919

4

Vundo

213,643

5

FakeXPA

200,941

6

Koobface

197,970

7

Lolyda

184,835

8

Renos

153,307

Win32/Koobface has impacted systems in locales where English is a primary or secondary language with the greatest frequency – likely due to the social engineering aspect of its propagation which was discussed in Scott Molenkamp’s earlier discussion of this threat.